Business Associate Agreement

Template version: April 23, 2026  ·  Contact enterprise@lexitio.com to execute a signed BAA

Requesting an Executed BAA

This page displays the standard terms of our Business Associate Agreement. To receive a countersigned BAA for your firm, email enterprise@lexitio.com with your firm name, the name and title of the authorized signatory, and a brief description of the PHI you handle. We typically return a countersigned BAA within 2 business days.

Note: A BAA is required if your firm handles matters involving protected health information (PHI) — for example, personal injury cases with medical records, workers’ compensation, or any healthcare-adjacent legal work.

Parties

This Business Associate Agreement (“BAA” or “Agreement”) is entered into between Lexitio, Inc. (“Business Associate”) and the law firm or legal professional executing the Lexitio Terms of Service or a signed version of this Agreement (“Covered Entity” or “Covered Professional”).

This BAA supplements and is incorporated into the Lexitio Terms of Service. In the event of a conflict between this BAA and the Terms of Service, this BAA controls with respect to Protected Health Information.

Definitions

Protected Health Information (PHI) has the meaning set forth in 45 C.F.R. § 160.103 — individually identifiable health information created, received, maintained, or transmitted by a Covered Entity.

Business Associate Services means the Lexitio platform and all features provided to the Covered Entity, including AI-assisted document drafting, matter management, evidence storage, and OSINT investigation tools.

Breach has the meaning set forth in 45 C.F.R. § 164.402 — the acquisition, access, use, or disclosure of PHI in a manner not permitted under the HIPAA Privacy Rule that compromises the security or privacy of the PHI.

Permitted Uses and Disclosures

Lexitio may use and disclose PHI only to the extent necessary to:

  • Provide the Business Associate Services to the Covered Entity.
  • Manage and administer Lexitio’s internal operations as permitted by law.
  • Report violations of law to appropriate authorities when required by law.

Lexitio will not use or disclose PHI for any other purpose, including but not limited to marketing, sale to third parties, or AI model training.

Safeguards

Lexitio agrees to implement and maintain appropriate safeguards, including:

  • Administrative safeguards: access control policies, workforce training, and a designated security official.
  • Physical safeguards: secure data center facilities with restricted physical access.
  • Technical safeguards: AES-256 encryption at rest, TLS 1.2+ in transit, role-based access controls, and multi-factor authentication.
  • Database-level Row Level Security (RLS) isolating each tenant’s data at the PostgreSQL layer.
  • Append-only audit logs retained for 7 years.

Full details of our technical safeguards are available at lexitio.com/security.

Subcontractors

Lexitio will enter into written agreements with any subcontractor that creates, receives, maintains, or transmits PHI on Lexitio’s behalf, imposing obligations equivalent to those set forth in this BAA. Current subprocessors that may process PHI are listed in our Privacy Policy (Section 4). We will notify the Covered Entity of any material subprocessor changes.

Breach Notification

In the event of a Breach of Unsecured PHI, Lexitio will notify the Covered Entity without unreasonable delay and in no case later than 60 calendar days after discovery of the Breach. Notification will include, to the extent known: (a) a description of the Breach; (b) a description of the PHI involved; (c) the identity of individuals affected; (d) steps individuals may take to protect themselves; and (e) what Lexitio is doing to investigate, mitigate, and prevent future Breaches.

Individual Rights

To the extent Lexitio maintains a Designated Record Set on behalf of the Covered Entity, Lexitio will:

  • Make PHI available to the Covered Entity to fulfill individual access requests within 30 days.
  • Accommodate reasonable requests for amendment of PHI.
  • Provide an accounting of disclosures of PHI as required under 45 C.F.R. § 164.528.

Individuals may exercise their rights by contacting the Covered Entity directly or, for data export and deletion, using the self-service tools in the Lexitio settings panel.

Term and Termination

This BAA is effective as of the date the Covered Entity executes the Lexitio Terms of Service or a signed BAA, whichever is earlier. It continues until the Covered Entity’s subscription terminates.

Upon termination, Lexitio will, at the Covered Entity’s election, return or destroy all PHI within 30 days, subject to legal hold obligations and applicable law. If return or destruction is infeasible, protections will be extended for as long as Lexitio retains the PHI.

Miscellaneous

This BAA is governed by the laws of New Jersey, United States, and by applicable federal HIPAA regulations. In the event of a conflict between this BAA and any applicable law, the more protective provision controls.

This BAA constitutes the entire agreement between the parties regarding PHI and supersedes any prior agreements or understandings on the same subject.

Execute a Signed BAA

To receive a countersigned Business Associate Agreement on Lexitio letterhead, contact our enterprise team. We typically turn around executed BAAs within 2 business days.